Malware Insights
The file is identified as malicious by ClamAV with a specific phishing signature related to Roblox. It contains numerous embedded URLs pointing to domains that also appear to be related to Roblox cheats or currency, suggesting a phishing or scam attempt. The document body, though heavily obfuscated, contains references to 'Roblox Shades Free' and 'wkhtmltopdf', indicating a potential lure for game-related content. No scripts were extracted, but the presence of external URIs and the phishing signature strongly suggest a malicious intent to redirect users to potentially harmful sites.
Machine Learning
- Nyx PDF Classifier clean score 0.1227
Heuristics 4
-
ClamAV: Pdf.Phishing.Roblox062100-9873116-0 critical CLAMAV_DETECTIONClamAV detected this file as malware: Pdf.Phishing.Roblox062100-9873116-0
-
Visual download / call-to-action button lure low SE_DOWNLOAD_BUTTONDocument contains a call-to-action phrase ('Click here to download', 'Download Now', etc.) — low-signal unless other findings point to a malicious workflow
-
External URI info PDF_URIPDF contains an external URL action
-
Embedded URL info EMBEDDED_URLOne or more URLs were extracted from the document. The URL itself is not a detection — see the per-URL labels for which channel (macro, JS, link annotation, document body, ...) reached each URL.URL http://gaminggenerator.org/app/431946152/roblox-shades-free PDF link annotation
- http://safeandsecurelocksmith.ca/images/free-roblox-currency.pdfIn PDF document text
- https://newenglandafs.com/images/get-free-robux-denis.pdfIn PDF document text
- https://digitalsenseafrica.com.ng/images/free-posed-ffreddy-roblox.pdfIn PDF document text
- http://britishcomics.com/images/free-robux-glitches-2021.pdfIn PDF document text
- http://standart-lab.ru/images/birmungham-airport-roblox-free.pdfIn PDF document text
- https://pa-waingapu.go.id/images/how-to-get-a-lot-of-robux-hack.pdfIn PDF document text
- http://pa-tanjungselor.go.id/images/roblox-hack-robux-pastebin-octubre-2021.pdfIn PDF document text
- http://pia2000.net/images/how-to-cheat-in-hole-in-the-wall-roblox.pdfIn PDF document text
- http://www.visiblefilm.com/images/cheat-engine-roblox-tricks.pdfIn PDF document text
- https://europe-upkl.eu/images/best-roblox-games-to-hack-in.pdfIn PDF document text
- https://reggieslockandkey.com/images/bad-busiiness-roblox-hack.pdfIn PDF document text
- http://abletrustcare.com/images/how-to-get-free-stuff-on-roblox-catallog.pdfIn PDF document text
- https://bancroftandsons.com/images/how-to-get-free-robux-no-hacks-no-scams.pdfIn PDF document text
- http://alexandrion.com/images/free-promo-codes-roblox-december-2021.pdfIn PDF document text
- http://www.lovecraftiana.com.ar/images/how-to-get-free-tokens-in-car-crushers-2-roblox.pdfIn PDF document text
- http://pgk-polaniec.pl/images/free-to-play-games-like-roblox.pdfIn PDF document text
- http://consultinggirona.es/images/free-game-pass-roblox-2021.pdfIn PDF document text
- http://medimacs.eu/images/hacked-roblox-account-for-sale.pdfIn PDF document text
- http://haertetechnik-steinbach.de/images/roblox-free-10-robux.pdfIn PDF document text
- http://www.homesweethome.pl/images/fre-robux-genorator-download.pdfIn PDF document text
- https://komakinosite.jp/images/roblox-bubble-gum-simulator-pet-hack.pdfIn PDF document text
- https://piscinasmundoacuatico.com/images/noclip-hack-roblox-jaibreak.pdfIn PDF document text
- https://gigbagwinkel.nl/images/free-redvalk-code-roblox-news-scam.pdfIn PDF document text
- https://www.utalii.ac.ke/images/roblox-mad-city-hack-2021.pdfIn PDF document text
- http://xn--59-6kcusgqlmfgen3m.xn--p1ai/images/roblox-gui-hack-pastebin.pdfIn PDF document text
- http://iricamidelcuore.it/images/how-do-u-get-free-robux-code.pdfIn PDF document text
- https://www.dierenartsberghman.be/images/free-code-card-robux.pdfIn PDF document text
- http://bibliotheque-perrigny-les-dijon.fr/images/free-tix-roblox-2021.pdfIn PDF document text
- https://open-coffee-drimmelen-geertruidenberg.nl/images/alert-before-hack-roblox.pdfIn PDF document text
- http://finalstand.org/images/how-to-get-free-vip-in-roblox-top-model-2021.pdfIn PDF document text
- http://en.wikipedia.org/wiki/MIT_LicenseIn PDF document text
Extracted artifacts 2
Files carved from inside the sample during analysis.
| Filename | Kind | Source | Size |
|---|---|---|---|
stream_007_off00038a34.bin |
decompressed-pdf-stream | PDF FlateDecoded stream at offset 0x38A34 | 23964 bytes |
SHA-256: dcf2e3f460f50f44ad049093223dc3c77bf96edb788749cd8d9c9652abcf287b |
|||
font_01_sfnt_off0003c053.bin |
pdf-font-stream | PDF embedded font (sfnt) at offset 0x3C053 | 17940 bytes |
SHA-256: 22e66f837e7c5e8245e8a5ca3d53c3664c695f8ff21119d0094c8057344beb1c |
|||
Open this report in the interactive analyzer, or submit your own file for analysis.